Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Add your comments directly to the page. Include links to any relevant research, data, or feedback.

Page Properties
label

Status

Status
colourYellow
title

Not started

IN PROGRESS

Impact

Status
colourYellow
titleMEDIUM
(core+api+ui) or
Status
colourRed
titleHIGH
(core+api+ui+gui)

Driver

Alessandro Domanico 

Approver

Contributors

Alessandro Domanico

Stakeholders

Antonio Verni Niccolò Pasquetto 

Vito Romano

Riccardo Costa Paurav Munshi Alessandro Falezza Andrei Dodu

Informed

Ilario Gavioli

Due date

Outcome

Option 1: RBAC

Background

At the moment the user’s permission schema is realized with four tables in the DB:

...

This is ok for the Swing GUI, but in a REST application the workflow is slighty different

...

Relevant data

It would be nice to use the same DB tables, by adding new ones

Options considered

Option 1:

Option 2:

Description

RBAC

ABAC

Pros and cons

(plus) There’s a React guideline

(plus) It is already implemented

(minus) Doesn’t provide fine graned policies as ABAC

(plus) provides fine graned policies for accessing resources (see examples)

(minus) it requires a new complex architecture (see architecture)

Estimated cost

Status
colour

Red

Green
title

LARGE

LOW

Status
colourYellow
titleMEDIUM

Action items

  •  To define a permissions’ schema pattern
  •  To create a Jira issue with the specifications (
    Jira Legacy
    serverSystem JIRA
    serverIdf0d90336-9135-337c-8387-a97c21b1155f
    keyOP-868
    )

Outcome

Different analysis led to the same conclusion: in order to improve (in the short-term) the actual permissions system in the web application (core+api+ui) with minimum changes it will be enough to develop the proposed solution (Paurav Munshi) which introduces:

  • a DB table for “Entitlements” (CRUD for each entity)

  • a DB table for “Group-Entitlements” definition (linked to the actual USERGROUP)

  • Status
    colourBlue
    titleNICE TO HAVE
    a DB table for “User-Usergroup” association that allows multiple roles to the same user (it will affect also how the application works in non-web environment (core+gui)